Hi,
On Fri, May 13, 2016 at 09:54:21AM +0200, Raphael Hertzog wrote:
> Hi,
>
> On Thu, 12 May 2016, Guido Günther wrote:
> > I have maintained icedove a while ago and know the codebase a bit. I'm
> > also sure we might get support from the current maintainers as long as
> > we're able to build
On Tue, May 17, 2016 at 12:13:29PM -0400, Antoine Beaupré wrote:
> On 2016-05-13 09:00:59, Antoine Beaupré wrote:
> > So if we're going to do this painful work, might as well maintain some
> > qemu interface in wheezy as well. I am not sure I see what additional
> > cost this would bring: although
On Sat, May 14, 2016 at 09:11:17PM +0200, Moritz Mühlenhoff wrote:
> On Fri, May 13, 2016 at 02:10:48PM +0200, Guido Günther wrote:
> > > No, I recommend to EOL src:qemu/qemu-kvm in wheezy (the bits relevant to
> > > src:xen are
> > > somewhat isolated and can be backported from the Xen Security
On Fri, May 13, 2016 at 02:10:48PM +0200, Guido Günther wrote:
> > No, I recommend to EOL src:qemu/qemu-kvm in wheezy (the bits relevant to
> > src:xen are
> > somewhat isolated and can be backported from the Xen Security announcements)
> > Backporting jessie's qemu will end up in a similar
>>> AFAIK Xen in Wheezy is using the version shipped with Xen itself and we
Yes, and this is used to support HVM mode guests, where the security
of qemu matters. Seemingly (from qemu/VERSION) this is a very old
"0.10.2" version of qemu!!!
I do wonder to what extent updating _that_ qemu used to
On 2016-05-13 06:30:35, Moritz Muehlenhoff wrote:
> On Fri, May 13, 2016 at 12:21:13PM +0200, Raphael Hertzog wrote:
>> On Fri, 13 May 2016, Moritz Muehlenhoff wrote:
>> > > I'm not convinced that
>> > > supporting the current Wheezy versions of QEMU for two more years is of
>> > > much use (in
Hi,
On Fri, May 13, 2016 at 12:30:35PM +0200, Moritz Muehlenhoff wrote:
> On Fri, May 13, 2016 at 12:21:13PM +0200, Raphael Hertzog wrote:
> > On Fri, 13 May 2016, Moritz Muehlenhoff wrote:
> > > > I'm not convinced that
> > > > supporting the current Wheezy versions of QEMU for two more years is
On Fri, 13 May 2016, Santiago Ruano Rincón wrote:
> > And announce those changes at the same time ideally.
>
> Through DLAs maybe?
Yes, a DLA is fine for this.
> I have a pending upload to close #824015, but now I'd prefer to wait
> until May 23, for giving time to decide on this, and to wait
On Fri, 13 May 2016, Moritz Muehlenhoff wrote:
> > I'm not convinced that
> > supporting the current Wheezy versions of QEMU for two more years is of
> > much use (in contrast to the version currently in Jessie) compared to
> > the effort of backporting security fixes.
>
> Ack.
I'm not sure that
On Fri, May 13, 2016 at 12:09:08PM +0200, Guido Günther wrote:
> On Fri, May 13, 2016 at 09:40:42AM +0200, Raphael Hertzog wrote:
> > On Thu, 12 May 2016, Guido Günther wrote:
> > > > I would rather see qemu supported, in other words. But the version in
> > > > wheezy is really old, and in
On Fri, May 13, 2016 at 09:40:42AM +0200, Raphael Hertzog wrote:
> On Thu, 12 May 2016, Guido Günther wrote:
> > > I would rather see qemu supported, in other words. But the version in
> > > wheezy is really old, and in xen/wheezy even more so.
> >
> > AFAIK Xen in Wheezy is using the version
Hi,
El 13/05/16 a las 09:51, Raphael Hertzog escribió:
> Hello,
>
> On Thu, 12 May 2016, Markus Koschany wrote:
> > I saw those commits too yesterday. I would suggest that we discuss EOLed
> > packages on debian-lts before we mark CVEs as unsupported in Wheezy LTS.
>
> Definitely, we should not
Hi,
On Thu, 12 May 2016, Guido Günther wrote:
> I have maintained icedove a while ago and know the codebase a bit. I'm
> also sure we might get support from the current maintainers as long as
> we're able to build the ESR releases for wheezy - which is Debian's
> standard way to deal with
Hello,
On Thu, 12 May 2016, Markus Koschany wrote:
> I saw those commits too yesterday. I would suggest that we discuss EOLed
> packages on debian-lts before we mark CVEs as unsupported in Wheezy LTS.
Definitely, we should not mark CVE as "end-of-life" before we agreed to
mark it as such in
On Thu, 12 May 2016, Antoine Beaupré wrote:
> On 2016-05-12 09:16:15, Santiago Ruano Rincón wrote:
> > Also, Antoine has filled a bug [1] regarding libmatroska and libebml,
> > but DLA-420-1 and DLA-438-1 addressed those packages. Antoine, why they
> > should be tagged as not-supported?
>
> Uh! I
On Thu, 12 May 2016, Guido Günther wrote:
> > I would rather see qemu supported, in other words. But the version in
> > wheezy is really old, and in xen/wheezy even more so.
>
> AFAIK Xen in Wheezy is using the version shipped with Xen itself and we
> have gathered extra support for this so
On Thu, May 12, 2016 at 10:07:17AM -0400, Antoine Beaupré wrote:
> On 2016-05-12 10:00:24, Guido Günther wrote:
> >> qemu and qemu-kvm were triaged as unsupported for CVE-2016-3712, but I
> >> think Guido is studying how to support virtualisation related packages,
> >> and maybe we should wait for
On 2016-05-12 10:14:26, Moritz Muehlenhoff wrote:
> On Thu, May 12, 2016 at 10:07:17AM -0400, Antoine Beaupré wrote:
>> On 2016-05-12 10:00:24, Guido Günther wrote:
>> >> qemu and qemu-kvm were triaged as unsupported for CVE-2016-3712, but I
>> >> think Guido is studying how to support
On Thu, May 12, 2016 at 10:07:17AM -0400, Antoine Beaupré wrote:
> On 2016-05-12 10:00:24, Guido Günther wrote:
> >> qemu and qemu-kvm were triaged as unsupported for CVE-2016-3712, but I
> >> think Guido is studying how to support virtualisation related packages,
> >> and maybe we should wait for
On 2016-05-12 10:00:24, Guido Günther wrote:
>> qemu and qemu-kvm were triaged as unsupported for CVE-2016-3712, but I
>> think Guido is studying how to support virtualisation related packages,
>> and maybe we should wait for his evaluation.
>
> I had zero feedback on supporting qemu so I'd
Am 12.05.2016 um 15:16 schrieb Santiago Ruano Rincón:
[...]
qemu
qemu-kvm
xen
> xen will be supported.
libvirt
>
> qemu and qemu-kvm were triaged as unsupported for CVE-2016-3712, but I
> think Guido is studying how to support virtualisation related packages,
> and maybe we
Hi Santiago,
On Thu, May 12, 2016 at 03:16:15PM +0200, Santiago Ruano Rincón wrote:
> Hi,
>
> Given the recent bug triaging, security-support-ended.deb7 needs more
> updating. I'm taking Mortiz's mail as reference, and I hope I are not
> missing other info:
>
> El 11/11/15 a las 21:59,
Hi,
Given the recent bug triaging, security-support-ended.deb7 needs more
updating. I'm taking Mortiz's mail as reference, and I hope I are not
missing other info:
El 11/11/15 a las 21:59, Sebastian Ramacher escribió:
> Hi
>
> On 2015-11-04 17:44:36, Raphael Hertzog wrote:
> > [ Many people are
Am 29.02.2016 um 18:04 schrieb Raphael Hertzog:
> On Mon, 29 Feb 2016, Markus Koschany wrote:
>> Matthias Klose, the OpenJDK maintainer, stated that he intends to
>> support OpenJDK 6 until Ubuntu 12.04 reaches EOL in April 2017 [1] and I
>> think it should be feasible to mirror this approach for
Am 29.02.2016 um 15:17 schrieb Raphael Hertzog:
> On Thu, 19 Nov 2015, Moritz Mühlenhoff wrote:
>> Another package which needs to be sorted out is the support for
>> Java. wheezy has both openjdk-6 and openjdk-7 (jessie has only
>> -7 and stretch will also only have one version).
>
> I asked our
On Thu, 19 Nov 2015, Moritz Mühlenhoff wrote:
> Another package which needs to be sorted out is the support for
> Java. wheezy has both openjdk-6 and openjdk-7 (jessie has only
> -7 and stretch will also only have one version).
I asked our current sponsors about OpenJDK 6 and none asked
us to
On Wed, Aug 19, 2015 at 01:02:59PM +0200, Moritz Muehlenhoff wrote:
> Hi,
> as a followup to yesterday's BoF I compared the list of unsupported
> packages in Squeeze LTS against the current status quo:
>
> (We try to split the LTS work from the normal security work, but I'm
> adding
Am 19.11.2015 um 21:45 schrieb Moritz Mühlenhoff:
[...]
> Another package which needs to be sorted out is the support for
> Java. wheezy has both openjdk-6 and openjdk-7 (jessie has only
> -7 and stretch will also only have one version).
>
> Currently the maintenance heavily relies on the
Hi
On 2015-11-04 17:44:36, Raphael Hertzog wrote:
> [ Many people are on copy, please trim the list as appropriate when you reply
> ]
>
> On Wed, 19 Aug 2015, Moritz Muehlenhoff wrote:
> > These need to be discussed, since they will be a significant
> > time drain (e.g. are they in the
Hello,
[just talking about Icedove]
Am 05.11.2015 um 08:47 schrieb Guido Günther:
>> Do you know someone from the Debian maintenance team or from the upstream
>> project which could be hired a few hours from time to time to provide the
>> required security updates on the above source packages
On Thu, Nov 05, 2015 at 08:43:38AM +0100, Moritz Muehlenhoff wrote:
> On Thu, Nov 05, 2015 at 06:47:03AM +0900, Mike Hommey wrote:
> > First and foremost, while GCC 4.7 is the current
> > minimum version supported, it's likely to become GCC 4.8 in the near
> > future, because of some wanted
Hi,
On Thu, Nov 05, 2015 at 09:10:26AM +0100, David Ayers wrote:
> Yet we could in theory live with backports of newer versions, as I
> assume the problem is that these are packages that are not supported
> upstream. But I'm not sure how much that would buy, since the versions
> of libvirt in sid
Hi,
On Thu, 05 Nov 2015, Mike Hommey wrote:
> Speaking for iceweasel, backports to wheezy are not a significant
> overhead compared to packaging for unstable and stable-security.
>
> With that being said, the fact that we're backporting new upstream
> ESR releases is going to have its own
On Wed, Nov 04, 2015 at 05:44:36PM +0100, Raphael Hertzog wrote:
> [ Many people are on copy, please trim the list as appropriate when you reply
> ]
>
> On Wed, 19 Aug 2015, Moritz Muehlenhoff wrote:
> > These need to be discussed, since they will be a significant
> > time drain (e.g. are they
Hi,
On Wed, Nov 04, 2015 at 05:44:36PM +0100, Raphael Hertzog wrote:
> [ Many people are on copy, please trim the list as appropriate when you reply
> ]
>
> On Wed, 19 Aug 2015, Moritz Muehlenhoff wrote:
> > These need to be discussed, since they will be a significant
> > time drain (e.g. are
On Thu, Nov 05, 2015 at 06:47:03AM +0900, Mike Hommey wrote:
> First and foremost, while GCC 4.7 is the current
> minimum version supported, it's likely to become GCC 4.8 in the near
> future, because of some wanted C++11/C++14 features.
That problem also bit us with chromium in wheezy.
Hi,
On Wed, Nov 04, 2015 at 05:44:36PM +0100, Raphael Hertzog wrote:
> [ Many people are on copy, please trim the list as appropriate when you reply
> ]
>
> On Wed, 19 Aug 2015, Moritz Muehlenhoff wrote:
> > These need to be discussed, since they will be a significant
> > time drain (e.g. are
On Wed, Nov 04, 2015 at 05:42:43PM +0100, Raphael Hertzog wrote:
> > movabletype-opensource
> > -> Upstream went closed source, Dominic kept in on life support,
> > should be checked with him
>
> Dominic, do you think movabletype-opensource can be supported in wheezy
> until May 2018?
No, I
[ Many people are on copy, please trim the list as appropriate when you reply ]
On Wed, 19 Aug 2015, Moritz Muehlenhoff wrote:
> as a followup to yesterday's BoF I compared the list of unsupported
> packages in Squeeze LTS against the current status quo:
> Support for these ended in Wheezy
Hello,
On Wed, 16 Sep 2015, Raphael Hertzog wrote:
> On Tue, 25 Aug 2015, Holger Levsen wrote:
> > > In addition it would make sense to exclude the OpenStack packages
> > > in wheezy, they are fully unsupported upstream und very unlikely
> > > to be used since OpenStack is evolving so fast. You
[ Many people are on copy, please trim the list as appropriate when you reply ]
On Wed, 19 Aug 2015, Moritz Muehlenhoff wrote:
> These need to be discussed, since they will be a significant
> time drain (e.g. are they in the sponsors's interests?). They
> are supportable, but it will take a lot
Hi Thomas,
I'd like to have your opinion on the question below. Thank you!
On Tue, 25 Aug 2015, Holger Levsen wrote:
> > In addition it would make sense to exclude the OpenStack packages
> > in wheezy, they are fully unsupported upstream und very unlikely
> > to be used since OpenStack is
42 matches
Mail list logo
